Closed Bug 656591 Opened 14 years ago Closed 14 years ago

TI+JM: [infer failure] Missing type at #2:00028 pushed 0: void

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jandem, Unassigned)

References

Details

-- (function () { var i = 0; (function () { var x; (x = "") || 1; (x = "")(i || x); })(); })(); -- $ ./js -a -n -m test.js [infer failure] Missing type at #2:00028 pushed 0: void Revision 5bcf457d942c, 32-bit OS X.
Better fix for the issue exposed by bug 655508, which just papered over the real problem. After writing to a local, if that local is dead we would skip writes of its payload and type tags. At a joint point, however, we would assume a synced known type for all entries, and if an entry was overwritten with a new value of the same type we wouldn't bother to write out a new type tag. To fix this dissonance, at join points we don't mark any known type for dead entries. This better reflects the state of the world: the value in memory isn't the variable's actual value (which won't be observed), and the in-memory type of that value is not known. http://hg.mozilla.org/projects/jaegermonkey/rev/9e0bab2c04b4
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.